GDPR management with SAP GRC
How can SAP GRC support you in managing GDPR requirements?
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, changing the European privacy landscape and bringing a number of new challenges for organizations in managing these new requirements. Deloitte’s approach for effectively managing GDPR requirements builds upon SAP GRC technology.
Our solution
Deloitte helps organizations end-to-end, from establishing governance and frameworks for managing GDPR to implementing GRC technology that supports the routines and processes needed to ensure risk mitigation, oversight and compliance.
Deloitte’s approach for effectively managing GDPR requirements builds on the SAP GRC portfolio, specifically SAP GRC Risk Management and SAP GRC Process Controls. Deloitte’s GDPR extension pack offers customized functionality in SAP GRC that enhances the standard functionality and gives it a more GDPR-specific look and feel, as well as customizable GDPR content for rapid deployment of the solution.
With SAP GRC and the Deloitte GDPR extension pack, organizations are able to effectively and efficiently manage critical GDPR processes and activities across the entire organization. Among these are:
- Master data management – Organizations, Processes, Risks, Controls, and Regulations
- Data Treatments – Recording data treatments in end-to-end processes
- Risk Identification & Assessments – Assess risks for data treatments or data objects or perform PIA (Privacy impact analysis) or other risk assessments for specific processes, activities, vendors/third parties etc.
- GDPR Control Assessments – Through automated controls, self-assessments or even performing
- Policy Management – effectively manage GDPR, BCR and other policies, including those covering employees or third parties
- Rights requests – recording of requests received by email, and automated recording of requests and actions
- Incident Management – recording, managing and reporting on incidents such as security breaches or other relevant incidents
- DPO dashboard – for a GDPR look and feel, with built-in features such as notifications, warnings, automated field updates, etc.
The Deloitte extension pack enables organizations to integrate the management of GDPR and DPO activities into their normal risk and compliance processes, providing a single source of truth for risks and controls.
Reduce duplicate work-efforts
By using the same GRC system for GDPR as for managing, for example, risks and controls over financial reporting or general IT controls, organizations can save considerable effort when managing controls that cover the same risks.
Without a centralized system in place, control efforts might be duplicated, with the same controls performed separately for GDPR, financial reporting and general IT controls, increasing the overall cost of control activities and of mitigating the risk. With SAP GRC you can link risks to multiple controls in order to create a transparent overview of risks and controls, thereby identifying and reducing duplicate efforts while still taking credit for controls performed by others in the organization.